on 06-20-2014 2:49 AM
Hi,
We are setting up an F5 load balancer for our UAT environment and are facing the following issues.
The SMP version is 2.3 SP03 and Work Manager is V6 with LAM.
1. The client has provided a certificate and chain certificate, which is a public certificate by Entrust, for a URL that they want to use to access the Work Manager application,
e.g. URL: sapmobilem.workm.com
DNS is configured for the above URL.
2. Using the above certificate and private key I have created the .pfx file, which I have used in the Work Manager deployment bundle, and the entries for the same are done in the Agentry.ini file.
3. Also I have installed the chain certificate on the server.
4. The application is running on TCP on port 7003 and the server name is CLOSMSUPU.
5. The team doing the F5 changes has configured the following:
a. Redirection to the above-mentioned server using TCP, with SSL offloading disabled (also tried with SSL offloading enabled).
b. Port 443 is configured to accept the connection from the Work Manager application.
6. When I am using the Work Manager application with the server as the above FQDN and the port as 443, I am getting an SSL Invalid Chain error.
7. There is no log item created on the UAT server where the work manager application is running. The event.log file has no entry for the attempt to connect.
Please let me know what could be the issue.
Tags edited by: Michael Appleby
Hi All,
I apologize for asking the question in the middle of the discussion. Actually I am also working on an environment where I need to set up and configure the F5 load balancer in between SMP and the SAP backend system. I have no idea how to achieve this or
what configuration/settings I need to do in my SMP / SAP Control Center. If someone can provide steps, a guide or any link which helps me to achieve this, that will be really a great help.
I have already started a new discussion on the forum but didn't get much reply on that.
Here is the link for the discussion - http://scn.sap.com/thread/3599675
Thanks in Advance,
- Amey
Amey,
This question is dealing specifically with the load balancer between the client and SMP server (specifically for an Agentry application). You are asking about a load balancer between the SMP server and SAP which will be a different setup and configuration. You are also not using an Agentry application so this thread really doesn't apply.
I see you have already created a new thread for your question which is the right place to start.
Good luck!
With SMP 2.3, Agentry is using the ANGEL protocol. While the server is using SSL encryption, it is not a standard protocol that can be proxied. You need to configure the F5 for a TCP pass-through configuration.
The SSL Invalid Chain error will occur because of one of two reasons. The server name entered on the client does not exactly match the common name on the certificate in the .pfx file, or the certificate authority that signed the certificate is not trusted. The second in particular may be an issue if there are intermediate authorities.
Have you tried using a port other than 443 on the F5? The F5 may be expecting HTTPS traffic and in turn returning the certificate of the F5 rather than passing through the traffic to the SMP server.
In terms of a log entry I wouldn't be surprised if you don't see anything until it gets beyond the certificate check which is currently failing.
--Bill
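The two causes of SSL Invalid Chain named in the reply above (name mismatch, untrusted or incomplete chain) can be checked offline with openssl against PEM copies of the certificates. This is an added example, not part of the original thread; the function names, file paths and the demo PKI generated by `make_demo_chain` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the demo PKI are constructed.

# Subject common name (CN) of a PEM certificate file.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# Cause 1: the server name typed into the client must equal the CN exactly.
name_matches() { [ "$(cert_cn "$1")" = "$2" ]; }

# Cause 2: the leaf must chain to a trusted root. $3 is an optional PEM bundle
# of intermediates; leaving it out models a server that does not send them.
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

# Usage: diagnose leaf.pem name-typed-in-client root.pem [intermediates.pem]
diagnose() {
  name_matches "$1" "$2" || { echo "name-mismatch"; return 0; }
  chain_ok "$1" "$3" "$4" || { echo "untrusted-chain"; return 0; }
  echo "ok"
}

# Constructed demo PKI in directory $1: root -> intermediate -> leaf with CN=$2.
make_demo_chain() {
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\nCN=unused\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
  openssl req -config "$d/demo.cnf" -x509 -extensions ca -newkey rsa:2048 -nodes \
    -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Demo Root" -days 2 2>/dev/null
  openssl req -config "$d/demo.cnf" -new -newkey rsa:2048 -nodes \
    -keyout "$d/int.key" -out "$d/int.csr" -subj "/CN=Demo Intermediate" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/demo.cnf" -extensions ca -out "$d/int.pem" -days 2 2>/dev/null
  openssl req -config "$d/demo.cnf" -new -newkey rsa:2048 -nodes \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -out "$d/leaf.pem" -days 2 2>/dev/null
}
```

To run it against a real deployment, export the leaf from the .pfx with `openssl pkcs12 -in <file>.pfx -clcerts -nokeys -out leaf.pem` and pass the root and the chain certificate as the third and fourth arguments to `diagnose`.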
It is not normally recommended to use port 443 because that is the default HTTPS port.
Can you confirm that you can connect with a client even from the machine itself?
Stephen
What client are you trying to use?
If Windows (win32, WPF or ATE), you can set up the FQHN in the hosts file on the Windows machine and specify the IP address of the server so that it will resolve locally instead of from the DNS server. This will allow you to confirm the certificate setup on the SMP server.
--Bill